I recently became a LastPass online password manager user. I have used Passpack for the longest time but I am trying out LastPass for it’s easy browser integration and login abilities.

LastPass works by encrypting all your passwords with a special encryption key – your master password.

I just received an email today from LastPass saying that they detected some security intrusion into their database and are urging us to change our master password. Here is the complete text of the email.

Dear LastPass User,

On May 3rd, we discovered suspicious network activity on the LastPass internal network. After investigating, we determined that it was possible that a limited amount of data was accessed. All LastPass accounts were quickly locked down, preventing access from unknown locations. We then announced our findings and course of action on our blog and spoke with the media.

As you know, LastPass does not have access to your master password or your confidential data. To further secure your account, LastPass now requires you to verify your identity when logging in. You will be prompted to validate your email if you try to log in from a new location. This prompt will continue to appear until you change your master password or indicate that you are comfortable with the strength of your master password.

You can read a more detailed account on what happened here on this PCWorld interview by LastPass CEO – Joe Siegrist.

We tend to look over traffic logs and look over what’s going on with the networks pretty regularly. Anytime we find any outlier, we want to know why. We try to figure out what’s pulling the data and moving the bits.

This one stuck out to us as abnormal because it happened at a time we didn’t think anyone was working, and it was from machines that wouldn’t be transferring a lot of data between each other. Because of that, it made us a little nervous, a little antsy, so we decided to go through the worst-possible potential case, even if we couldn’t find any real supporting evidence that anything bad had occurred.

I am not sure how I feel about this but I changed my LastPass secure master password again just to make sure my passwords are stored safe.

If you recently changed your LastPass master password and want to recover it because you forgot or lost it, you can go to lastpass.com/revert to get it back.